github.com/instana/go-sensor@v1.62.2-0.20240520081010-4919868049e1/matcher.go (about)

     1  // (c) Copyright IBM Corp. 2021
     2  // (c) Copyright Instana Inc. 2020
     3  
     4  package instana
     5  
     6  import (
     7  	"fmt"
     8  	"regexp"
     9  	"strings"
    10  
    11  	"github.com/instana/go-sensor/secrets"
    12  )
    13  
    14  const (
    15  	// EqualsMatcher matches the string exactly
    16  	EqualsMatcher = "equals"
    17  	// EqualsIgnoreCaseMatcher matches the string exactly ignoring the case
    18  	EqualsIgnoreCaseMatcher = "equals-ignore-case"
    19  	// ContainsMatcher matches the substring in a string
    20  	ContainsMatcher = "contains"
    21  	// ContainsIgnoreCaseMatcher matches the substring in a string ignoring the case
    22  	ContainsIgnoreCaseMatcher = "contains-ignore-case"
    23  	// RegexpMatcher matches the string using a set of regular expressions. Each item in a term list
    24  	// provided to instana.NamedMatcher() must be a valid regular expression that can be compiled using
    25  	// regexp.Compile()
    26  	RegexpMatcher = "regex"
    27  	// NoneMatcher does not match any string
    28  	NoneMatcher = "none"
    29  )
    30  
    31  // Matcher verifies whether a string meets predefined conditions
    32  type Matcher interface {
    33  	Match(s string) bool
    34  }
    35  
    36  // NamedMatcher returns a secrets matcher supported by Instana host agent configuration
    37  //
    38  // See https://www.instana.com/docs/setup_and_manage/host_agent/configuration/#secrets
    39  func NamedMatcher(name string, list []string) (Matcher, error) {
    40  	switch strings.ToLower(name) {
    41  	case EqualsMatcher:
    42  		return secrets.NewEqualsMatcher(list...), nil
    43  	case EqualsIgnoreCaseMatcher:
    44  		return secrets.NewEqualsIgnoreCaseMatcher(list...), nil
    45  	case ContainsMatcher:
    46  		return secrets.NewContainsMatcher(list...), nil
    47  	case ContainsIgnoreCaseMatcher:
    48  		return secrets.NewContainsIgnoreCaseMatcher(list...), nil
    49  	case RegexpMatcher:
    50  		var exps []*regexp.Regexp
    51  		for _, s := range list {
    52  			ex, err := regexp.Compile(s)
    53  			if err != nil {
    54  				sensor.logger.Warn("ignoring malformed regexp secrets matcher ", s, ": ", err)
    55  				continue
    56  			}
    57  
    58  			exps = append(exps, ex)
    59  		}
    60  
    61  		return secrets.NewRegexpMatcher(exps...)
    62  	case NoneMatcher:
    63  		return secrets.NoneMatcher{}, nil
    64  	default:
    65  		return nil, fmt.Errorf("unknown secrets matcher type %q", name)
    66  	}
    67  }
    68  
    69  // DefaultSecretsMatcher returns the default secrets matcher, that matches strings containing
    70  // "key", "password" and "secret" ignoring the case
    71  func DefaultSecretsMatcher() Matcher {
    72  	m, _ := NamedMatcher(ContainsIgnoreCaseMatcher, []string{"key", "password", "secret"})
    73  	return m
    74  }